package com.test.demo.security.controller;

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import io.swagger.v3.oas.annotations.tags.Tag;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;

import java.util.List;

@RestController
@RequestMapping("/api/admin")
@Tag(name = "Admin", description = "管理员专属接口")
@SecurityRequirement(name = "bearerAuth")
public class AdminController {

    @GetMapping("/users")
    @PreAuthorize("hasRole('ADMIN')")
    @Operation(summary = "分页查询所有用户")
    public List<AdminUserDto> listUsers() {
        return List.of(
                new AdminUserDto(1L, "张三", "zhangsan@example.com", "USER"),
                new AdminUserDto(2L, "李四", "lisi@example.com", "USER")
        );
    }

    @DeleteMapping("/users/{id}")
    @PreAuthorize("hasRole('ADMIN')")
    @Operation(summary = "根据ID删除用户")
    public void deleteUser(@PathVariable Long id) {
        // 业务删除逻辑
    }

    // ---------- DTO ----------
    public record AdminUserDto(Long id, String name, String email, String role) {
    }
}